How long before you know you've been hacked?

By Matthew Burbidge
Johannesburg, 23 May 2018
Corrie Goosen, Risk X Data Assurance.

It takes organisations worldwide about 100 days before they realise their infrastructure has been compromised by malware, delegates at ITWeb's Security Summit 2018 were told on Tuesday.

Corrie Goosen, a director at Risk X Data Assurance, said this 'dwell time' in Europe, the Middle East and Africa (EMEA) was recorded at 175 days in 2017. This number increased to 416 in the Asia-Pacific region and was estimated at 75 days in the Americas. The EMEA dwell time was at 416 days in 2011, and, as Goosen said: "We've come a long way."

He said sophisticated persistent attacks were planned in advance, and typically customised to the target. This most often meant an incursion, which could involve physical cables, or 'sniffers' (a program that monitors network traffic).

However, said Goosen, the weakest link is 'your colleague sitting next to you'.

While attackers used reconnaissance, social engineering as well as zero-day vulnerabilities, they would also target staff members, and sometimes threaten their families.

"(The attackers say), 'If you don't do what I want you to do, I'm going to take your family away.' And then they have somebody on the hook. They're working for the attacker now, because they have them under threat."

X head: You're one of us now

He said some criminal syndicates in South Africa would also pay those working for them, and then, 'You're part of the story'.

"And they keep on paying you, because you're as much a part of the incident as anyone else."

Goosen said some compromised employees also grew to enjoy the extra money.

He said that syndicates would also verify one person's information with another compromised source within the business, because they needed to know 'that their source is good'.

By this time, the syndicate was now embedded within the organisation and would settle into what he called a 'long-term occupancy'.

"There's a lot of this going on in South Africa, and until that declaration goes through where you have to declare a breach, your colleague sitting next door in another building doesn't know that he's been exposed to exactly the same thing that your specific industry has been exposed to."

Goosen said security professionals needed to know which threats their antivirus software protected them against, because anti-malware and anti-virus kits offer protection against different threats. It was also important to be clear about what the business' needs are.

He said that, in his experience, anti-virus tools have typically not been properly installed and clients have not been informed about their capabilities.

Moreover, very few organisations have an incident response plan.

"They don't have the ability to identify an incident, they can't look at what the malware has done, and they can't stop it.

"We just get a phone call, and the person says, 'We've realised there's something interesting going on in our business'."

He said those affected by malware always believe that the attack must have been a sophisticated one.

"But 99.5% of the attacks we investigate are not sophisticated. It's an internal error, or it's neglect. And it's an ugly word we all know: budget. You only have so much money."
